Devices such as firewalls are sometimes used to prevent individuals from accessing resources to which they are not authorized. As an example, members of the public may be entitled to access content served by a web server, but not authorized to access other services available on the server such as administrative tools. A firewall can enforce such policies, such as through a set of rules that include static information about the server such as an IP address.
Increasingly, businesses and other entities are using hosted computing resources instead of purchasing and maintaining computer hardware themselves. As one example, instead of maintaining a set of dedicated physical machines (e.g., to serve web pages), businesses run virtual machines on leased hardware. In such a scenario, if a particular physical machine fails, the virtual machine image(s) running on that physical machine can be migrated to a new physical machine. Unfortunately, the dynamic nature of virtual machine migration can pose problems for firewall rules which traditionally expect servers to be configured with static IP addresses.